- Committer: Bazaar Package Importer
- Author(s): William Grant
- Date: 2007-12-02 22:10:39 UTC
- Revision ID: james.westby@ubuntu.com-20071202221039-wpryghwmp3jf0w1g
- Tags: 2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.1

* SECURITY UPDATE: buffer overruns in CDDB (LP: #118855), DMO decoder
  (LP: #92968), RTSP handler (LP: #163291) and ASF decoder (LP: #163293).
* debian/patches/61_CVE-2006-1502.dpatch: Ensure that ASF index chunks are
  of a sane size. Patch from Mandriva.
* debian/patches/62_CVE-2006-6172.dpatch: Don't match too many ASM rules,
  lest we overrun the buffers. Patch provided by upstream.
* debian/patches/60_CVE-2007-1246.dpatch: Avoid buffer overrun in DMO
  decoder. Patch from upstream SVN.
* debian/patches/63_CVE-2007-2948.dpatch: Don't take strings of unlimited
  length from CDDB input. Patch from upstream SVN.
* References
  CVE-2006-1502
  CVE-2006-6172
  CVE-2007-1246
  CVE-2007-2948